Vulnerabilites related to bedita - bedita
cve-2019-15570
Vulnerability from cvelistv5
Published
2019-08-26 14:29
Modified
2024-08-05 00:49
Severity ?
EPSS score ?
Summary
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bedita/bedita/pull/1608 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-26T14:29:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/pull/1608",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/pull/1608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15570",
"datePublished": "2019-08-26T14:29:04",
"dateReserved": "2019-08-25T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-9260
Vulnerability from cvelistv5
Published
2018-07-05 02:00
Modified
2024-08-06 08:43
Severity ?
EPSS score ?
Summary
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bedita/bedita/releases/tag/v3.7.0 | x_refsource_MISC | |
| https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | x_refsource_MISC | |
| https://github.com/cybersecurityworks/Disclosed/issues/8 | x_refsource_MISC | |
| https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:43:42.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:05:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/releases/tag/v3.7.0",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"name": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760",
"refsource": "MISC",
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"name": "https://github.com/cybersecurityworks/Disclosed/issues/8",
"refsource": "MISC",
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9260",
"datePublished": "2018-07-05T02:00:00",
"dateReserved": "2018-07-04T00:00:00",
"dateUpdated": "2024-08-06T08:43:42.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1040
Vulnerability from cvelistv5
Published
2015-01-15 15:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2015/Jan/16 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://seclists.org/oss-sec/2015/q1/115 | mailing-list, x_refsource_MLIST | |
| https://github.com/bedita/bedita/issues/566 | x_refsource_CONFIRM | |
| http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/71949 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150108 Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"name": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"name": "https://github.com/bedita/bedita/issues/566",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"name": "71949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1040",
"datePublished": "2015-01-15T15:00:00",
"dateReserved": "2015-01-11T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6809
Vulnerability from cvelistv5
Published
2015-09-04 15:00
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/bedita/bedita/issues/623 | x_refsource_CONFIRM | |
| http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/38051/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:29:24.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-04T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bedita/bedita/issues/623",
"refsource": "CONFIRM",
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"name": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website",
"refsource": "CONFIRM",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"name": "38051",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38051/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6809",
"datePublished": "2015-09-04T15:00:00Z",
"dateReserved": "2015-09-04T00:00:00Z",
"dateUpdated": "2024-09-16T23:45:43.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-01-15 15:59
Modified
2024-11-21 02:24
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) "note text" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E335ED-B8BA-470D-9C81-B1264325C8E1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) \"note text\" field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en el backend adiministrativo en BEdita 3.4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s (1) del campo lrealname en el formulario editProfile en index.php/home/profile; del campo (2) data[title] o (3) data[description] en el formulario addQuickItem en index.php; del campo (4) \u0027note text\u0027 en el formulario saveNote en index.php/areas; o del campo (5) titleBEObject o (6) tagsArea en el formulario updateForm en index.php/documents/view."
}
],
"id": "CVE-2015-1040",
"lastModified": "2024-11-21T02:24:31.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-15T15:59:28.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71949"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/bedita/bedita/issues/566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/oss-sec/2015/q1/115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/71949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/bedita/bedita/issues/566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-07-05 02:29
Modified
2024-11-21 02:40
Severity ?
Summary
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/issues/755#issuecomment-148036760 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/releases/tag/v3.7.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cybersecurityworks/Disclosed/issues/8 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F3AE2B-CA3A-43C7-9A3B-808027038969",
"versionEndExcluding": "3.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 3.7.0 de BEdita. Ocurre un ataque Cross-Site Scripting (XSS) mediante un URI pages/showObjects, tal y como queda demostrado adjuntando una carga \u00fatil a un URI pages/showObjects/2/0/0/leafs."
}
],
"id": "CVE-2015-9260",
"lastModified": "2024-11-21T02:40:10.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-05T02:29:00.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9260-bedita.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/issues/755#issuecomment-148036760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/releases/tag/v3.7.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-04 15:59
Modified
2024-11-21 02:35
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6C54E-5A65-409F-B76F-4A95B120AF99",
"versionEndIncluding": "3.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en BEdita en versiones anteriores a 3.6.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) cfg[projectName] en index.php/admin/saveConfig, (2) data[stats_provider_url] en index.php/areas/saveArea o (3) data[description] en index.php/areas/saveSection."
}
],
"id": "CVE-2015-6809",
"lastModified": "2024-11-21T02:35:41.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-09-04T15:59:06.417",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38051/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bedita.com/news/bedita-3-6-0-corylus-release-announcement-and-new-website"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/bedita/bedita/issues/623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38051/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-26 15:15
Modified
2024-11-21 04:29
Severity ?
Summary
BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bedita/bedita/pull/1608 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bedita/bedita/pull/1608 | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bedita:bedita:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C31ED5A9-BCFB-46A4-B2F2-F8C9CA6666F4",
"versionEndIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "EE3F5980-ECB6-47E4-9CD1-C222397976AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "59802BEC-8D2C-4C5D-94EE-CCF3B774A84E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "988F6CF0-CA2B-4579-AE24-562C5E3E0ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "842670BA-D131-4CE8-A337-4015AC56A03F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "0B452E98-3646-4E77-AD96-C3ACEF0EB66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bedita:bedita:4.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1A16289C-B048-41CF-9B86-964E3F3798F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BEdita through 4.0.0-RC2 allows SQL injection during a save operation for a relation with parameters."
},
{
"lang": "es",
"value": "BEdita versiones hasta 4.0.0-RC2, permite la inyecci\u00f3n SQL durante una operaci\u00f3n de guardar para una relaci\u00f3n con los par\u00e1metros."
}
],
"id": "CVE-2019-15570",
"lastModified": "2024-11-21T04:29:02.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-26T15:15:12.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/pull/1608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/bedita/bedita/pull/1608"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}